[TOOLS-2962] 4.4.x TOOLS uses a vulnerable Go version - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor - P4
Resolution: Gone away
Affects Version/s: None
Fix Version/s: 100.3.1
Component/s: All Tools
Labels:
None

Description

Problem Statement/Rationale

Customer runs container security scan on image and finds critical GO vulnerability

CVE-2020-28367 | high | 7.50 | go | 1.13.10 | fixed in 1.15.5, 1.14.12 | > 8 months

Steps to Reproduce

Twistlock scan on associated Kubernetes operator deployment images

Expected Results

Pass with medium and low CVEs

Actual Results

CVE-2020-28367 | high | 7.50 | go | 1.13.10 | fixed in 1.15.5, 1.14.12 | > 8 months

Additional Notes

This is fixed in the latest MongoDB tools shipping with 5.x. The customer wants to know why we cannot re-compile with better Go version and re-release.

Attachments

Activity

People

Assignee:: Tim Fogarty

Reporter:: Priyo Lahiri (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: Sep 14 2021 01:28:27 PM UTC

Updated:: Sep 28 2021 12:55:58 PM UTC

Resolved:: Sep 28 2021 12:55:57 PM UTC